Ex-Microsoftie Arrested for Pirating Windows Activation Software

A former Microsoft employee engaged an unnamed tech blogger in France, attempting to distribute and clone activation software that the firm uses to OK new installs of Windows 8. Following an internal investigation, Microsoft turned the case over to the FBI, and the man has been arrested and charged by the United States with intent to convert trade secrets.

"Microsoft's [internal] investigation revealed unauthorized transmissions of proprietary and confidential Microsoft products and information to the blogger," FBI special agent Armando Rameriz notes in a sworn statement. "[The defendant] uploaded proprietary software including pre-release software updates for Windows 8 RT, as well as Microsoft Activation Server Software Development Kit (SDK) to a computer in Redmond, Washington."

While it's unclear why this employee would engage in such an activity, he schemed with the blogger to open a "fake" activation server in a virtual machine (VM) that the two could control and use to sell illegal Windows 8 activation codes online. (The blogger in question had previously engaged in a similar but less sophisticated scheme to sell such codes on eBay.)

The defendant distributed the software to the blogger—who is conspicuously unnamed, no doubt the result of an agreement with law enforcement officials to help catch the leaker—via various Microsoft technologies such as SkyDrive (since renamed to OneDrive), the statement explains. Less dramatically, the two exchanged hot fixes for Windows RT, which (at the time of their activities in mid-2012) had yet to be released and was thus apparently somewhat interesting to technical people.

Microsoft was alerted to these activities in August 2012 when then-Windows head Steven Sinofsky was tipped off by an anonymous source. That source had been approached by the blogger to help use the SDK code to create a fake activation server, but he balked and emailed Mr. Sinofsky, who responded curtly and never followed up. The FBI statement claims that Microsoft's Office of Legal Compliance (OLC) OK'd an analysis of the blogger's Hotmail-based email in September 2012.

"An email was found within the blogger's Hotmail account which established that [the employee] shared confidential Microsoft information and data with the blogger through [the employee's] Windows Live Messenger account ... around July 2012 ... That email contained six ZIP files of pre-release 'hot fixes' for Windows 8 RT ... The fixes were not yet available, as Microsoft had not yet released Windows 8."

Microsoft also examined the VM that the employee had made accessible, remotely, to the blogger. "[The employee] had uploaded the Activation Server SDK ... and shared the file with the blogger."

To be clear, the activation server files could be considered the keys to the Windows kingdom, because a working activation server would allow the outside party to approve Windows 8 activations, effectively making a stolen copy of the OS legitimate. In an ironic twist, however, the investigation revealed that while the SDK would have provided insights into how product activation worked, it wasn't enough to create an outside activation server and the scheme would never have worked.

Microsoft interviewed the employee, who worked out of the firm's offices in Lebanon after a stint in Russia, which, coincidentally or not, is where many Microsoft product leaks originate. "He acknowledged leaking confidential and proprietary Microsoft information, products, and product-related information to the blogger," the FBI source testifies. (The blogger was also interviewed and admitted to his deeds.) The now ex-Microsoft employee relocated to Russia, where he works for "another US-based technology company with offices in Moscow and St. Petersburg, Russia." That company is 5nine Software. He was arrested this week in Washington state, the Seattle Post-Intelligencer reports, though it's unclear why he was in the state.

"We take protection of our intellectual property very seriously, including cooperating with law-enforcement agencies who are investigating potential criminal actions by our employees or others," a Microsoft statement notes.